Group Policy

KRB_AP_ERR_BAD_INTEGRITY

First cousin once removed to KRB_AP_ERR_MODIFIED. Most anyone who would be interested in reading an article like this has very likely encountered the error, KRB_AP_ERR_MODIFIED. This error tells us one thing: The account secret (aka password hash) that is being used to decipher the ticket cannot decipher the ticket. The most common reasons are: The […]


The Twelve Days of Blog-mas: No.5 – The Endpoint Management Jigsaw

Happy Tuesday – You’re back for more, I see? Most orgs (hopefully) have a well-developed ‘practice’ around Endpoint management, combining people, process and technology to deploy, configure, operate and support a fleet of devices that adhere to corporate policy. This has been a mainstay of endpoint IT Pros for decades. As IT Pros, whether we like


SMB alternative ports now supported in Windows Insiders

Heya folks, Ned here again. Starting with Windows 11 Insider preview Build 25992 (Canary), the SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using alternative network ports. Today I’ll explain how to configure this and talk about the near future of this in Windows and Windows Server Insiders a bit. Previous port behaviors


SMB alternative ports now supported in Windows Insider

Heya folks, Ned here again. Starting with Windows 11 Insider preview Build 25992 (Canary) and Windows Server Preview Build 25997, the SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using alternative network ports. Today I’ll explain how to configure this and talk about the near future of this in Windows and Windows Server Insiders a


SMB firewall rule changes in Windows Insider

Heya folks, Ned here again. Starting with Windows 11 Insider preview Build 25992 (Canary), creating SMB shares changes a longtime Windows Defender Firewall default behavior. Before: Previously, creating a share automatically configured the firewall to enable the rules in the “File and Printer Sharing” group for the given firewall profiles. This began in Windows XP SP2 with the


Active Directory Hardening Series – Part 1 – Disabling NTLMv1

Hello everyone, Jerry Devore back again after a long break from blogging to talk about Active Directory hardening. In my role at Microsoft, I have found every organization has room to improve when it comes to hardening Active Directory. Many times, customers are aware of issues but are afraid of unintended impacts if they make


SMB dialect management now supported in Windows Insider

Heya folks, Ned here again. Beginning in Windows 11 Insider Preview Build 25951 (Canary), the SMB server now supports controlling which SMB 2 and 3 dialects it will negotiate. This changes legacy behavior, where Windows SMB server always negotiated the highest matched server dialect from SMB 2.0.2 to 3.1.1 clients. Beginning in Windows 10, support was added for


SMB NTLM blocking now supported in Windows Insider

Heya folks, Ned here again. Beginning in Windows 11 Insider Preview Build 25951 (Canary), the SMB client now supports blocking NTLM for remote outbound connections. This changes legacy behavior, where Windows SPNEGO would negotiate Kerberos, NTLM, and other mechanisms with the destination server to decide on a supported security package. NTLM in this case refers to all versions


Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary: Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along


Deploying Microsoft Defender for Servers in Network-Restricted Environments

Microsoft Defender for Servers (part of the Microsoft Defender for Cloud security suite), being a comprehensive solution for server protection across multi-cloud and hybrid environments, requires the deployment of several agents to achieve its multiple protection capabilities. As many of our customers run their Windows/Linux server environments without direct Internet outbound connectivity, there is a
